mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2024-11-22 04:38:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
797d73ee23
linux/net
History
Toke Høiland-Jørgensen 09d88791c7 bpf: Make sure internal and UAPI bpf_redirect flags don't overlap 
The bpf_redirect_info is shared between the SKB and XDP redirect paths,
and the two paths use the same numeric flag values in the ri->flags
field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that
if skb bpf_redirect_neigh() is used with a non-NULL params argument and,
subsequently, an XDP redirect is performed using the same
bpf_redirect_info struct, the XDP path will get confused and end up
crashing, which syzbot managed to trigger.

With the stack-allocated bpf_redirect_info, the structure is no longer
shared between the SKB and XDP paths, so the crash doesn't happen
anymore. However, different code paths using identically-numbered flag
values in the same struct field still seems like a bit of a mess, so
this patch cleans that up by moving the flag definitions together and
redefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap
with the flags used for XDP. It also adds a BUILD_BUG_ON() check to make
sure the overlap is not re-introduced by mistake.

Fixes: e624d4ed4a ("xdp: Extend xdp_redirect_map with broadcast support")
Reported-by: syzbot+cca39e6e84a367a7e6f6@syzkaller.appspotmail.com
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Closes: https://syzkaller.appspot.com/bug?extid=cca39e6e84a367a7e6f6
Link: https://lore.kernel.org/bpf/20240920125625.59465-1-toke@redhat.com
2024-10-01 21:40:12 +02:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv Updates for timers and timekeeping: 2024-09-17 07:25:37 +02:00
bluetooth Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL 2024-09-10 13:07:24 -04:00
bpf bpf: use type_may_be_null() helper for nullable-param check 2024-09-05 13:29:06 -07:00
bridge netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish() 2024-09-09 14:14:52 +01:00
caif net: caif: remove unused name 2024-09-12 20:29:04 -07:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
ceph
core bpf: Make sure internal and UAPI bpf_redirect flags don't overlap 2024-10-01 21:40:12 +02:00
dcb
dccp
devlink
dns_resolver
dsa net: dsa: microchip: update tag_ksz masks for KSZ9477 family 2024-09-10 17:27:56 -07:00
ethernet
ethtool net: ethtool: phy: Don't set the context dev pointer for unfiltered DUMP 2024-09-13 21:40:12 -07:00
handshake
hsr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-12 17:11:24 -07:00
ieee802154
ife
ipv4 bpf-next-6.12 2024-09-21 09:27:50 -07:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211 wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() 2024-09-09 11:45:06 +02:00
mac802154
mctp
mpls
mptcp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-12 17:11:24 -07:00
ncsi
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
netlabel
netlink
netrom
nfc
nsh
openvswitch
packet net: add support for skbs with unreadable frags 2024-09-11 20:44:31 -07:00
phonet
psample
qrtr
rds
rfkill
rose
rxrpc
sched sch_cake: constify inverse square root cache 2024-09-10 18:31:52 -07:00
sctp sctp: Unmask upper DSCP bits in sctp_v4_get_dst() 2024-09-09 14:14:53 +01:00
smc net/smc: add sysctl for smc_limit_hs 2024-09-10 12:11:04 +02:00
strparser
sunrpc SUNRPC: replace program list with program array 2024-09-23 15:03:30 -04:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
tls net: tls: wait for async completion on last message 2024-09-06 18:20:55 -07:00
unix af_unix: Don't return OOB skb in manage_oob(). 2024-09-09 17:14:27 -07:00
vmw_vsock
wireless wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors 2024-09-09 11:43:21 +02:00
x25
xdp bpf-next-6.12 2024-09-21 09:27:50 -07:00
xfrm ipsec-next-2024-09-10 2024-09-10 19:00:47 -07:00
compat.c
devres.c
Kconfig memory-provider: disable building dmabuf mp on !CONFIG_PAGE_POOL 2024-09-13 11:41:45 -07:00
Kconfig.debug
Makefile
socket.c struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
sysctl_net.c